Skip to content

Apple’s iMessage service targetted by Pegasus; fix issued

Citizen Labs have yet again discovered a zero-click exploit related to NSO Group’s Pegasus Spyware. The exploit target’s Apple’s iMessage service, specifically the image rendering library, is effective against iOS, macOS, and WatchOS devices. 

The exploit, named ForcedEntry, has been detailed in Citizen Labs’ report published Monday and is believed to be in use since February 2021. The exploit had surfaced last month when Citizen Labs reported that the Bahraini Government was spying on nine activists, some of which were hacked using the ForcedEntry exploit.

The discovery and code have been reported to Apple, which has assigned the CVE code CVE-2021-30860 to the exploit and has released an update to patch the exploit.

According to Apple, iPhones running versions older than iOS 14.8, Macs running macOS prior to OSX Bug Sur 11.6 (Security Update 2021-005 Catalina) and Apple Watches prior to watchOS 7.6.2 are still vulnerable to the exploit. 

In the News: Tinder announced biggest update since Swipes: Tinder Explore


Deleting GIFs in a jiffy

Citizen Labs had inspected the phone of a Saudi activist back in March 2021 to determine whether or not they’ve been hacked by Pegasus and had obtained an iTunes backup during the process.

During a recent re-analysis of the backup, the company found several files with a .gif extension which they determined were sent to the phone right before it was hacked by Pegasus, indicating that the payload might be among these files. 

As the format of the files matched with two types of crashes already observed on another phone affected by Pegasus, Citizen Labs reported these artefacts to Apple under suspicion of them containing parts of the Forcedentry exploit chain.

On Monday, Apple confirmed that these files do, in fact, contain a zero-day exploit against iOS and macOS devices. The exploit has been described as “processing a maliciously crafted PDF may lead to arbitrary code execution.” The exploit works by taking advantage of an integer overflow vulnerability in CoreGraphics, Apple’s image rendering library. 

The fact that the exploit uses multiple process names, including ‘setframed’ and a forensic artefact called CacadeFail, led Citizen Labs to attribute the exploit to Pegasus and eventually NSO group as these elements have been observed in previous Pegasus exploits.

This isn’t the only vulnerability Apple patched on Monday, either. Another vulnerability called CVE-2021-30858 was reported by an anonymous researcher was patched. The issue has been described as “processing maliciously crafted web content may lead to arbitrary code execution.”

In the News: Amazon unveils smart TVs, upgrades Fire Stick and expands Luna support

Hello There!

If you like what you read, please support our publication by sharing it with your friends, family and colleagues. We're an ad-supported publication. So, if you're running an Adblocker, we humbly request you to whitelist us.

Share on facebook
Share on whatsapp
Share on twitter
Share on reddit
Share on linkedin
Share on pocket
Share on pinterest
Share on telegram
Share on stumbleupon
Share on digg
Share on tumblr
Share on email
Share on skype
Share on xing
Share on vk
Share on odnoklassniki
Share on mix








>